Android Application Inter-component Communication Analysis And Implementation

With the popularity of mobile Internet and the widespread use of smart phones,Android has become the most popular operating system at the smartphone market.The success of Android OS can partially be attributed to the communication model,named Inter-Component Communication(ICC),which promotes the development of loosely coupled applications.Specifically,the applications are divided into components that can exchange data within a single application and across several applications.Unfortunately,the ICC models which provide a mechanism for data exchanging between components can be misused by malicious applications to threaten users' privacy.Thus,to detect privacy leaks in Android malware,ICC analyzing plays a fundamental role which directly affects the accuracy in tracking leaks.However,in the existing ICC analysis approaches,Inter-Component Intent Revision(ICIR),i.e.revision of an Intent i outside the component where i is created,is not considered such that lots of potential leaks will escape from being tracked.This paper is dedicated to ICC analysis containing ICIR in Android applications,the contributions are summarized as follows:1.According to the attributes of the Inter-Component Communication in Android applications and the shortcomings of the existing tools,the relative analysis theory and method are put forward.(1)The Android application is analyzed by using the plug-in method.To obtain more complete ICC values of ICIR,we integrate the results of ICC analysis.(2)On the basis of the analysis of ICIR,the ICC Link model,which is widely used in Flow,is extended to the ICCF(Inter-Component Communication,ICCF),which is more expressive.(3)In order to provide ICC analysis results for leak detecting tools,this paper constructs ICCG(Inter-Component Communication Graph,ICCG).Compared with ICCF,ICCG is not only more convenient to access,but also makes the results more accurate in the leak detection.2.Based on the existing tools of Soot and IC3,we design the basic framework of Inter-Component Communication analysis tools on Android applications,called Icca.The tool can analyze ICIR values,construct ICCF,build ICCG,and provide interface for the taint flow analysis tool called Icc TA.Naturally,the results of Icc TA will be more complete.3.In order to check the correctness and effectiveness of our method,as well as the robustness of Icca,we conduct a series of experiments.The experiments cover 2260 Android applications,including 1000 apps which are downloaded from Google Play randomly,and 1260 malicious apps from Mal Genome dataset.Moreover,Icca is evaluated from five aspects such as ICIR analysis and targeting components in this thesis,and the results are encouraging.